Description
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.
Remediation
References
https://lists.apache.org/thread/s68yls6cnkdmzn1k4hqt50vs6wjvt2rn
Related Vulnerabilities
CVE-2023-28675 Vulnerability in maven package org.jenkinsci.plugins:octoperf
CVE-2016-7051 Vulnerability in maven package com.fasterxml.jackson.dataformat:jackson-dataformat-xml
CVE-2017-12617 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2022-21724 Vulnerability in maven package org.postgresql:postgresql
CVE-2019-10173 Vulnerability in maven package com.thoughtworks.xstream:xstream